[keycloak-user] keycloak without token

rdg77390 rdg7739 at gmail.com
Tue Jun 19 08:16:07 EDT 2018


Hi, I created an application using tomcat 8 and keycloak. 
The application has some rest API that will call from the browser. So the
application is both server and application. I believe with Jsessionid in a
cookie, I do not need to pass authentication token if I'm talking to the
same server in the same session. isn't it? Could someone clear this for me?
or should I have to pass access token even if I'm talking to the same
server?
also, I want to use Orbeon in the same tomcat, I set up crosscontext as
true. 
I want it to be secure, but without setup security-constraint, it seems like
keycloak does not protect orbeon path. but it should be protected and should
be able to access without passing access token. Is this make sense? I do not
know if I'm right track or not.




--
Sent from: http://keycloak-user.88327.x6.nabble.com/


More information about the keycloak-user mailing list